BoryptGrabͨ¹ýGitHub²Ö¿â¼Ù×°´«²¼

°ä²¼¹¦·ò 2026-03-09

1. BoryptGrabͨ¹ýGitHub²Ö¿â¼Ù×°´«²¼


3ÔÂ8ÈÕ £¬Ç÷Ïò¿Æ¼¼½üÈÕÅû¶һ·ͨ¹ý100Óà¸öGitHub´úÂë¿â´ó¹æÄ£·Ö·¢BoryptGrabÐÅÏ¢ÇÔÈ¡·¨Ê½µÄ¹¥»÷»î¶¯¡£¸Ã¶ñÒâÈí¼þÒÔC/C++±àд £¬Ö÷ÌâÖ°ÄÜÊÇÇÔÈ¡ä¯ÀÀÆ÷¡¢¼ÓÃÜÇ®±ÒÇ®°üÊý¾Ý¡¢ÏµÍ³ÏêÇé¼°³£ÓÃÎļþ £¬²¢Í¨¹ýѹËõÎļþÉÏ´«ÖÁ¹¥»÷Õß·þÎñÆ÷¡£²¿ÃűäÖֻᲿÊðTunnesshClient PyInstallerºóÃÅ £¬³ÉÁ¢·´ÏòSSHËí·ʵÏÖÔ¶³Ì½ÚÔì¡£¹¥»÷Õßѡȡ¶à²ã¼Ù×°Õ½Êõ£º½«¶ñÒâ´úÂëǶÈë¼Ù×°³ÉÈí¼þ¹¤¾ß¡¢ÓÎÏ·Îè±×Æ÷µÄZIPѹËõ°ü £¬Á´½ÓÖÁGitHub´æ´¢¿â¡£Í¨¹ýÔÚREADMEÖÐÌî³äSEO¹Ø¼ü´Ê £¬Ê¹¶ñÒâ²Ö¿âÔÚËÑË÷ÒýÇæÖÐÅÅÃû¿¿Ç° £¬ÀýÈç·ÂÕÕVoicemod ProÏÂÔØÒ³Ãæ £¬ÀûÓú¬"github-io"µÄZIPÎļþÃûÓÕµ¼Óû§ÏÂÔØ¡£Ï°È¾Á´Ô̺¬¶àÖÔìô¶¯·½Ê½¡£BoryptGrab¾ß±¸·´·ÖÎö»úÔ죺ͨ¹ý×¢²á±í²éÎʺÍÐé¹¹»úÎļþ¼ì²âÐé¹¹»·¾³ £¬±È¶ÔÔËǰ¹ý³ÌÁбí £¬²¢³¢ÊÔÌáÉýȨÏÞ¡£Èôδָ¶¨Êäǰ·×Ó £¬½«°´µ±Ç°¹¦·ò¡¢¹«ÍøIPºÍ¹ú¶È´úÂëÌìÉú»î´¢Ä¿Â¼¡£Æä"ÎļþץȡÆ÷"Ä£¿é¿ÉÍøÂçÌØ¶¨À©´óÃûµÄ³£ÓÃĿ¼Îļþ £¬Ð±äÖÖ»¹Ôö³¤ÁËDiscord´ú±ÒÇÔȡְÄÜ¡£


https://securityaffairs.com/189110/malware/massive-github-malware-operation-spreads-boryptgrab-stealer.html


2. Velvet TempestÀûÓÃClickFix¼¼Êõ²¿Êð¶ñÒâÈí¼þ


3ÔÂ7ÈÕ £¬±»×·×ÙΪ"Velvet Tempest"£¨±ðºÅDEV-0504£©µÄÀÕË÷Èí¼þÍþвÐÐΪÕß £¬Õýͨ¹ýClickFix¼¼ÊõºÍºÏ·¨WindowsʵÓ÷¨Ê½²¿ÊðDonutLoader¶ñÒâÈí¼þ¼°CastleRATºóÃÅ¡£¸Ã×éÖ¯×÷ΪÀÕË÷Èí¼þ¹¥»÷µÄ´ÓÊô×éÖ¯ÒÑ»îÔ¾ÖÁÉÙÎåÄê £¬Ôø²Î¼Ó²¿ÊðRyuk¡¢REvil¡¢Conti¡¢BlackMatter¡¢BlackCat/ALPHV¡¢LockBitºÍRansomHubµÈ¶à¿î·ÛËéÐÔÀÕË÷Èí¼þ¡£ÍøÂçºýŪÍþвµý±¨¹«Ë¾MalBeaconÔÚ·ÂÕÕ·ÇͶ»ú×éÖ¯»·¾³Öй۲쵽¸Ã×éÖ¯12ÌìµÄ¹¥»÷ÐÐΪ¡£¹¥»÷³õʼ½×¶Îͨ¹ý¶ñÒâ¸æ°×»î¶¯Ö´ÐÐ £¬ÀûÓÃClickFixÓëCAPTCHA»ìºÏºýŪ £¬ÓÕµ¼Êܺ¦Õß½«»ìºÏºÅÁîÕ³ÌùÖÁWindowsÔËÐжԻ°¿ò £¬´¥·¢Ç¶Ì×cmd.exeÁ´²¢Å²ÓÃfinger.exe»ñÈ¡Ê׸ö¼Ù×°³ÉPDFѹËõÎļþµÄ¶ñÒâÈí¼þ¼ÓÔØÆ÷¡£»ñÈ¡½Ó¼ûȨÏÞºó £¬¹¥»÷ÕßÖ´ÐмüÅ̲Ù×÷½øÐÐActive Directory¿úËÅ¡¢Ö÷»ú·¢ÏÖ¼°»·¾³·ÖÎö £¬²¢Ê¹ÓÃÍйÜÓÚ¹ØÁªTermiteÀÕË÷Èí¼þ¹¤¾ß²¿Êð»·¾³µÄPowerShell¾ç±¾ £¬ÌáÈ¡Chrome´æ´¢µÄÍ´´¦¡£ºóÐø½×¶Îͨ¹ýPowerShellÏÂÔØÖ´ÐкÅÁî £¬×îÖÕ²¿ÊðDonutLoader²¢»ñÈ¡ÓëCastleLoader¹ØÁªµÄCastleRATÔ¶³Ì½Ó¼ûľÂí¡£


https://www.bleepingcomputer.com/news/security/termite-ransomware-breaches-linked-to-clickfix-castlerat-attacks/


3. ÒÁÀÊMuddyWater APT×éÖ¯¶ÔÃÀ»ú¹¹·¢Æð»ìºÏ¹¥»÷


3ÔÂ6ÈÕ £¬²©Í¨ÈüÃÅÌú¿ËÍŶӽüÈÕÅû¶ £¬ÓëÒÁÀʵý±¨ºÍ°²È«Êý£¨MOIS£©¹ØÁªµÄMuddyWater£¨±ðºÅSeedWorm¡¢TEMP.ZagrosµÈ£©APT×éÖ¯Õý¶ÔÃÀ¹ú¶à¼Ò»ú¹¹·¢Æð³ÖÐø¹¥»÷¡£¸Ã»î¶¯×Ô2026Äê2ÔÂÆô¶¯ £¬ÖÁ½ñÈÔÔÚ»îÔ¾ £¬Ö¸±êº­¸ÇÃÀ¹úÒøÐÓ×¢»ú³¡¡¢·ÇͶ»ú×éÖ¯¼°Ò»¼ÒÒÔÉ«Áйú·Àº½¿Õº½ÌìÈí¼þ¹©¸øÉÌ¡£Õâ´Î¹¥»÷ÖÐ £¬MuddyWater²¿ÊðÁËÐÂÐͺóÃÅDindoor £¬ÆäÒÀÀµDenoÔËÐÐʱִÐÐJavaScript/TypeScript´úÂë £¬²¢Ê¹Óá°Amy Cherne¡±Ö¤ÊéÊðÃû¡£Í¬Ê± £¬×êÑÐÈËÔ±·¢ÏÖ¹¥»÷ÕßÊÔͼͨ¹ýRclone¹¤¾ß½«Ö¸±êÈí¼þ¹«Ë¾Êý¾ÝÇÔÈ¡ÖÁWasabiÔÆ´æ´¢Í° £¬µ«´«ÊäÁ˾ÖδÃ÷¡£ÃÀ¹ú»ú³¡ºÍ·ÇͶ»ú×éÖ¯ÍøÂçÖл¹³öÏÖÁ˶ÀÁ¢µÄPythonºóÃÅFakeset £¬¸Ã¶ñÒâÈí¼þʹÓÃÓëSeedworm¹ØÁªµÄÖ¤ÊéÊðÃû £¬ÍйÜÓÚBackblaze·þÎñÆ÷ £¬½øÒ»²½Ó¡Ö¤ÒÁÀʲ¼¾°¡£


https://securityaffairs.com/189060/apt/iran-linked-muddywater-deploys-dindoor-malware-against-u-s-organizations.html


4. TriZettoÒ½ÁÆÊý¾Ýй¶ÊÂÎñÓ°Ï쳬340ÍòÈË


3ÔÂ6ÈÕ £¬Ò½ÁƱ£½¡IT¹«Ë¾TriZetto Provider SolutionsÔâ·ê³Á´óÊý¾Ýй¶ £¬µ¼Ö³¬340ÍòÈ˵ÄÃô¸ÐÐÅϢ¶³ö¡£ÊÂÎñʼÓÚ2024Äê11ÔÂ19ÈÕ £¬ÍþвÐÐΪÕßδ¾­ÊÚȨ½Ó¼û±£ÏÕ×ʸñÑéÖ¤ÂòÂô¼Í¼ £¬ÕâÊÇÒ½ÁÆ·þÎñÌṩ·½Ò½ÖÎǰȷÈÏ»¼Õß±£ÏÕÁìÓòµÄ¹Ø¼üÁ÷³Ì¡£Ö±ÖÁ2025Äê10ÔÂ2ÈÕ £¬¸Ã¹«Ë¾²ÅÔÚÃÅ»§ÍøÕ¾¼ì²âµ½¿ÉÒɻ²¢Æô¶¯µ÷²é £¬µ÷²éÏÔʾ½Ó¼ûÐÐΪ³ÖÐø½üÒ»Äꡣй¶Êý¾ÝÒòÈ˸÷±ð £¬¿ÉÄÜÔ̺¬È«Ãû¡¢ÏÖʵµØÖ·¡¢µ®ÉúÈÕÆÚ¡¢Éç»á°²È«ºÅÂë¡¢½¡¿µ±£ÏÕ»áÔ±±àºÅ¡¢Ò½ÁƱ£ÏÕÊÜÒæÈ˱êʶ·û¡¢ÌṩÉ̼°±£ÏÕ¹«Ë¾Ãû³Æ £¬ÒÔ¼°È˶¡Í³¼Æ¡¢½¡¿µºÍ±£ÏÕÐÅÏ¢¡£µ«Ö§¸¶¿¨¡¢ÒøÐÐÕË»§»òÆäËû²ÆÕþÐÅϢδ±»Ð¹Â¶ £¬ÇÒĿǰδ·¢ÏÖÐÅÏ¢±»ÀÄÓõݸÀý¡£ÊÜÓ°Ïì·þÎñÌṩÉÌÓÚ2025Äê12ÔÂ9ÈÕ»ñ֪ͨ £¬¿Í»§Í¨Öª¹¤×÷Ôò´Ó2026Äê2Ô³õÆô¶¯¡£Æ¾¾ÝÃåÒòÖÝ×ܼì²ì³¤Ìá½»µÄÎļþ £¬ÊÜÓ°ÏìÈËÊý´ï3,433,965ÈË¡£TriZettoÒѲÉÈ¡´ëÊ©¼Óǿϵͳ°²È« £¬²¢´«µÝ·¨Âɲ¿ÃÅ £¬Í¬Ê±ÎªÊÜÓ°ÏìÕßÌṩKrollµÄ12¸öÔÂÃâ·ÑÐÅÓþ¼à¿ØºÍÉí·Ý±£»¤·þÎñ¡£


https://www.bleepingcomputer.com/news/security/cognizant-trizetto-breach-exposes-health-data-of-34-million-patients/


5. CISA´¹Î£ÒªÇóÁª¹ú»ú¹¹½¨¸´iOS¸ßΣ·ì϶


3ÔÂ6ÈÕ £¬ÃÀ¹úÍøÂ簲ȫºÍ»ù´¡ÉèÊ©°²È«¾Ö£¨CISA£©½üÈհ䲼ǿÔìÐÔÖ¸Áî £¬ÒªÇóÁª¹ú»ú¹¹ÔÚ2026Äê3ÔÂ26ÈÕǰ½¨¸´Èý¸ö±»Coruna·ì϶ÀûÓù¤¾ß°ü¹¥»÷µÄiOS°²È«·ì϶¡£ÕâЩ·ì϶Òѱ»ÄÉÈëCISAÒÑÖªÀûÓ÷ì϶Ŀ¼ £¬ÊôÓÚÔ¼ÊøÐÔ²Ù×÷Ö¸ÁBOD£©22-01µÄ¹Ü¿ØÁìÓò¡£¹È¸èÍþвµý±¨Ó××飨GTIG£©×êÑÐÏÔʾ £¬Coruna¹¤¾ß°üͨ¹ý23¸öiOS·ì϶Á´Ö´Ðй¥»÷ £¬ÆäÖÐÎÞÊýΪÁãÈÕ·ì϶¡£¸Ã¹¤¾ß°ü¾ß±¸Ö¸ÕëÈÏÖ¤Â루PAC£©Èƹý¡¢É³ÏäÌÓÒݺÍÒ³Ãæ±£»¤²ã£¨PPL£©ÈƹýÄÜÁ¦ £¬¿ÉʵÏÖWebKitÔ¶³Ì´úÂëÖ´Ðв¢ÌáÉýÖÁÄÚºËȨÏÞ¡£È»¶ø £¬×îаæiOSϵͳ¡¢ÒþÖÔä¯ÀÀģʽ»òÆ»¹ûËø¶¨Ä£Ê½¿ÉÓÐЧ×è¶Ï´ËÀ๥»÷¡£Coruna¹¥»÷Á´Òѱ»¶à¸öÍþвÐÐΪÕßÀûÓãºÔ̺¬¼à¿Ø¹©¸øÉ̿ͻ§¡¢ÒÉËÆ¶íÂÞ˹¹ú¶ÈÖ§³ÖµÄºÚ¿Í×éÖ¯UNC6353 £¬ÒÔ¼°¾­¼ÃÇý¶¯µÄÖйúÍþвÐÐΪÕßUNC6691¡£


https://www.bleepingcomputer.com/news/security/cisa-warns-of-apple-flaws-exploited-in-spyware-crypto-theft-attacks/


6. ÒÁÀÊDust Specter½èAI¹¥»÷ÒÁÀ­¿Ëµ±¾Ö


3ÔÂ6ÈÕ £¬Zscaler ThreatLabz½üÈո淢 £¬ÓëÒÁÀʹØÁªµÄºÚ¿Í×éÖ¯Dust SpecterÕë¶ÔÒÁÀ­¿Ëµ±¾Ö¹ÙÔ±ÌáÒ龫ÃÜÍøÂç¹¥»÷ £¬Í¨¹ý¼ÙÒâÒÁÀ­¿Ë±í½»²¿µÄ´¹µöÓʼþ´«²¼ÐÂÐͶñÒâÈí¼þ £¬Ô̺¬SPLITDROP¡¢TWINTASK¡¢TWINTALK¼°GHOSTFORM¡£Õâ´ÎÐж¯±»ÖиßÏàÐŶȹéÒòÓÚDust Specter £¬ÆäTTPÌØµãÓëÒÁÀʺ¹ÇàÍøÂç¼äµý»î¶¯¸ß¶ÈÎǺÏ¡£¹¥»÷Á´1ÒÔÃÜÂë±£»¤µÄRARÎļþÎªÔØÌå £¬ÄÚº¬¼Ù×°³ÉWinRARµÄSPLITDROPͶ·ÅÆ÷¡£Ö´Ðкó £¬¸Ã¶þ½øÔìÎļþ½âÃܲ¢²¿ÊðTWINTASKÓëTWINTALK¡£¶ñÒâÈí¼þͨ¹ý×¢²á±íÏî³ÉÁ¢ÓƾÃÐÔ £¬ÀûÓÃVLC¡¢WingetUIµÈºÏ·¨Èí¼þ½øÐÐDLL²à¼ÓÔØ¡£TWINTALKÑ¡È¡Ëæ»úÑÓ³¤¡¢×Ô½ç˵URIõè¾¶¼°JWTÁîÅÆÓëC2·þÎñÆ÷ͨѶ £¬Ö§³ÖºÅÁîÖ´ÐÓ×¢ÎļþÉÏ´«¼°ÓÐÐ§ÔØºÉÏÂÔØ¡£¹¥»÷Á´2ÕûºÏÖ°ÄÜÖÁµ¥Ò»¶þ½øÔìÎļþGHOSTFORM £¬Ö±½ÓÔÚÄÚ´æÖÐÖ´ÐкÅÁîÒÔÏ÷¼õÎļþϵͳºÛ¼£¡£¸Ã¶ñÒâÈí¼þ¼Ù×°³ÉÒÁÀ­¿Ë±í½»²¿µ÷²éµÄGoogle±íµ¥ÓÕÆ­Êܺ¦Õß £¬²¢Ñ¡È¡ÒþÐδ°ÌåÑÓ³¤Ö´ÐÓ×¢»¥³âËø²é³­Ô¤·À¶àÊ·ý¡£´úÂë·ÖÎö·¢ÏÖÒì³£ÔªËØ£ºÇ¶Èë±íÇé·ûºÅ¡¢UnicodeÎı¾¼°Õ¼Î»·ûÖµ £¬ÕâÐ©ÌØµãÓëÌìÉúʽAIÌìÉúµÄ´úÂëģʽÏà·û¡£


https://securityaffairs.com/189033/apt/iran-nexus-apt-dust-specter-targets-iraq-officials-with-new-malware.html